If you have an on-premises SharePoint 2013 farm that uses Add-Ins, and more specifically Add-In Parts, you may run into the following security warning:

"You are being redirected to the following url that was not registered as the app launch url..."


End users need to click the link at the bottom of this ugly, lengthy security warning before the actual content of the iFrame is shown. This specifically happens when the page the Add-In Part points to resides in your Add-In Web. In the screen capture below of a Visual Studio Add-In project (sorry for the lousy image quality), this is reflected by ClientWebPart1 pointing to the HelloWorld.html page inside Module1.


This warning is caused by installing Microsoft security patch MS16-004. The behavior starts right after the patch is installed, without even needing a reboot. Because the same security patch is also included in the January 2016 CU, the behavior also appears when you install this or a later CU on your on-premises SharePoint 2013 farm.

Even though the reason for this change is not documented anywhere at the time of writing, luckily the fix for it is easy. Run the following PowerShell on one of the servers in your on-premises SharePoint 2013 farm:

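Add-PSSnapin Microsoft.SharePoint.PowerShell
$farm = Get-SPFarm
# Set the farm property that stops the redirect warning from being shown
$farm.Properties["CustomAppRedirect"] = $true
# Persist the property change to the farm configuration database
$farm.Update()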

Directly after applying this update, the Add-In Parts should be showing their content again, without showing a security warning first.
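
An added example, not part of the original post: the same change wrapped so that it records the previous value, persists the change, supports `-WhatIf` and can be rolled back. The function name `Set-CustomAppRedirect` is hypothetical, and rolling back by removing the property assumes the farm did not have it before the change.

```powershell
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Hypothetical helper (not a SharePoint cmdlet): sets or removes the
# CustomAppRedirect farm property and returns a record of what changed.
function Set-CustomAppRedirect {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([Parameter(Mandatory = $true)][bool]$Enabled)

    $key  = 'CustomAppRedirect'
    $farm = Get-SPFarm

    # Capture the state before the change so it can go into the change record.
    $wasPresent = $farm.Properties.ContainsKey($key)
    $previous   = if ($wasPresent) { $farm.Properties[$key] } else { $null }

    if ($PSCmdlet.ShouldProcess("farm property $key", "set Enabled=$Enabled")) {
        if ($Enabled) {
            $farm.Properties[$key] = $true
        } elseif ($wasPresent) {
            # Assumption: rollback means removing the property, which returns
            # the farm to the property state it had before the fix was applied.
            $farm.Properties.Remove($key)
        }
        # Without Update() the change is not written to the configuration database.
        $farm.Update()
    }

    # Read the value back after the update and report before/after together.
    [pscustomobject]@{
        Property      = $key
        WasPresent    = $wasPresent
        PreviousValue = $previous
        CurrentValue  = (Get-SPFarm).Properties[$key]
        CheckedAt     = Get-Date
    }
}

# Preview first, then apply the fix from this post and keep the returned record.
Set-CustomAppRedirect -Enabled $true -WhatIf
Set-CustomAppRedirect -Enabled $true
```

Calling `Set-CustomAppRedirect -Enabled $false` removes the property again if it was present.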